Some universal jump addresses, somewhat useful when XXOXX

    by axis
    2007-03-28
    http://www.ph4nt0m.org 
    Universal jump addresses for Simplified Chinese Windows (2k/XP/2k3):
    0x7ffa45f3 jmp ecx \xff\xe1
    0x7ffa4967 jmp ebp \xff\xe5
    0x7ffa4a1b jmp ebx \xff\xe3
    0x7ffa6773 push ebx,retn \x53\xc3 (0x7ffa6772 is pop edx)
    0x7ffd1769 - 0x7ffd1779 jmp eax \xff\xe0
    0x7ffc01b0 pop esi,retn \x5e\xc3
    0x7ffa54cf, 0x7ffaf780 jmp edx \xff\xe2

    7FFA1571 58 POP EAX
    7FFA1572 BF 58C058C2 MOV EDI,C258C058
    7FFA1577 58 POP EAX
    7FFA1578 C3 RETN

    Korean Windows 2003 SP1 (KR, 2k3 sp1):
    71ab1346 call eax ws2_32.dll
    71ab4340 jmp eax ws2_32.dll
    71ac273f call ecx ws2_32.dll
    71ab6e3b jmp ecx ws2_32.dll
    71ab5fb0 call ebx ws2_32.dll
    71ab596b call esi ws2_32.dll
    71ab5503 call edi ws2_32.dll
    71ab5f62 pop edi, pop esi retn ws2_32.dll

    Possibly universal addresses for Korean Windows (needs confirmation, KR):
    7ffa6d56 call eax
    7ffa78aa call edx
    7ffa7306 call ecx
    7ffa901a call ebx
    7ffa4a1b jmp ebx
    7ffa82a4 call esp
    7ffa8b3c call esi
    7ffa49d7 jmp esi


    Japanese Windows 2003 R2 SP1 (JP, 2003 sp1 r2):

    7c999c86 call ebx ntdll.dll
    7c9a96aa call ebx ntdll.dll
    7c9b2c62 call ebx ntdll.dll
    7c9834a3 jmp ebx ntdll.dll

    7c9d1d1e jmp esp ntdll.dll
    7c9585fb call eax ntdll.dll
    7c99c6cb jmp eax ntdll.dll

    7c95139e pop esi,pop ebp,retn ntdll.dll

    7c951bc2 call ecx ntdll.dll
    7c9c27bb call edx ntdll.dll
    7c9523d7 call edi ntdll.dll
    7c96a3c3 call esi ntdll.dll

    71aa5503 call edi ws2_32.dll
    71aa5fb0 call ebx ws2_32.dll
    71aa1346 call eax ws2_32.dll
    71aa4340 jmp eax ws2_32.dll
    71aa596b call esi ws2_32.dll
    71aa5f62 pop edi,pop esi,retn ws2_32.dll

    Traditional Chinese Windows universal addresses (TW, at least 2k3 SP1):
    7ffa2186 jmp ebx
    7ffd1987 call eax (2k3 tw)
    7ffaf9a8 jmp eax
    7ffa46ad jmp ecx
    7ffafffa jmp edx
    7ffa24ce jmp esp
    7ffa2b64 jmp esi
    7ffa2eac jmp edi

    71b75fb0 call ebx ws2_32.dll
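
The tables above are bare address lists. As an added example (not code from the original post or from ph4nt0m), the C program below is a small gadget finder that produces this kind of table from a byte dump of a module or region, together with the two checks a practitioner wants before using an entry: that the target really holds the expected bytes at the address (the list marks some entries "needs confirmation"), and that the address contains no byte such as NUL, CR or LF that a string copy would truncate. The sample buffer is constructed: nop padding with a few of the listed 0x7ffa... gadgets planted at their published offsets plus one made-up pop/pop/retn; the names find_gadgets, check_gadget, addr_has_bad_bytes, build_sample and scan_sample are mine. On a real target the buffer would come from a debugger dump or ReadProcessMemory of the module in question.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Register numbering used by the x86 opcode and ModRM encodings (eax=0 .. edi=7). */
static const char *reg_name[8] = {"eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"};

typedef struct { uint32_t addr; char text[40]; } gadget_t; /* address + mnemonic */

/* Decode one of the gadget shapes in the lists above at p; returns its length, or 0. */
static size_t decode_gadget(const uint8_t *p, size_t avail, char *out, size_t outsz)
{
    /* FF E0+r = jmp reg (FF /4, mod=11); FF D0+r = call reg (FF /2, mod=11) */
    if (avail >= 2 && p[0] == 0xff && ((p[1] & 0xf8) == 0xe0 || (p[1] & 0xf8) == 0xd0)) {
        snprintf(out, outsz, "%s %s", (p[1] & 0xf8) == 0xe0 ? "jmp" : "call", reg_name[p[1] & 7]);
        return 2;
    }
    /* 50+r C3 = push reg; retn */
    if (avail >= 2 && (p[0] & 0xf8) == 0x50 && p[1] == 0xc3) {
        snprintf(out, outsz, "push %s, retn", reg_name[p[0] & 7]);
        return 2;
    }
    /* one to three 58+r (pop reg) followed by C3 (retn) */
    size_t npop = 0;
    while (npop < 3 && npop < avail && (p[npop] & 0xf8) == 0x58) npop++;
    if (npop > 0 && npop < avail && p[npop] == 0xc3) {
        size_t used = 0;
        for (size_t i = 0; i < npop; i++)
            used += snprintf(out + used, outsz - used, "pop %s, ", reg_name[p[i] & 7]);
        snprintf(out + used, outsz - used, "retn");
        return npop + 1;
    }
    return 0;
}

/* Scan buf (mapped at base); returns the number of gadgets written to out, in address order. */
size_t find_gadgets(const uint8_t *buf, size_t len, uint32_t base, gadget_t *out, size_t max)
{
    size_t count = 0;
    for (size_t off = 0; off < len && count < max; off++) {
        if (decode_gadget(buf + off, len - off, out[count].text, sizeof out[count].text)) {
            out[count].addr = base + (uint32_t)off;
            count++;
        }
    }
    return count;
}

/* Confirm a published address still holds the expected bytes on the target: the check
 * to run before trusting an entry marked "needs confirmation". 1 = match, 0 = no. */
int check_gadget(const uint8_t *buf, size_t len, uint32_t base, uint32_t addr, const uint8_t *expect, size_t n)
{
    if (addr < base || (uint64_t)(addr - base) + n > len) return 0;
    return memcmp(buf + (addr - base), expect, n) == 0;
}

/* An address only survives a string-based overflow if none of its bytes is NUL, LF or CR. */
int addr_has_bad_bytes(uint32_t addr)
{
    for (int i = 0; i < 4; i++) {
        uint8_t b = (uint8_t)(addr >> (8 * i));
        if (b == 0x00 || b == 0x0a || b == 0x0d) return 1;
    }
    return 0;
}

/* Constructed stand-in for the 0x7ffa0000 region (not a real memory image): nop padding
 * with gadgets from the lists planted at their published offsets, plus one pop/pop/retn at
 * a made-up offset. In real use the bytes come from the target (debugger dump or ReadProcessMemory). */
#define SAMPLE_BASE 0x7ffa0000u
#define SAMPLE_LEN  0x10000u
static uint8_t sample[SAMPLE_LEN];

const uint8_t *build_sample(void)
{
    memset(sample, 0x90, sizeof sample);
    memcpy(sample + 0x45f3, "\xff\xe1", 2);     /* 0x7ffa45f3 jmp ecx (CN list) */
    memcpy(sample + 0x4a1b, "\xff\xe3", 2);     /* 0x7ffa4a1b jmp ebx (CN and KR lists) */
    memcpy(sample + 0x6772, "\x5a\x53\xc3", 3); /* 0x7ffa6772 pop edx; 0x7ffa6773 push ebx, retn */
    memcpy(sample + 0x6d56, "\xff\xd0", 2);     /* 0x7ffa6d56 call eax (KR list) */
    memcpy(sample + 0x0100, "\x5f\x5e\xc3", 3); /* made-up offset: pop edi, pop esi, retn */
    return sample;
}

/* Scan the constructed sample into the global `found` table; returns the gadget count. */
static gadget_t found[64];
size_t scan_sample(void)
{
    return find_gadgets(build_sample(), SAMPLE_LEN, SAMPLE_BASE, found, 64);
}

int main(void)
{
    size_t n = scan_sample();
    for (size_t i = 0; i < n; i++)
        printf("0x%08x %s%s\n", found[i].addr, found[i].text,
               addr_has_bad_bytes(found[i].addr) ? "  (bad bytes)" : "");
    return 0;
}
```

Build with any C99 compiler; the output is a table in the same shape as the lists above, one gadget per line with its address. The scanner reports every offset independently, so a pop/pop/retn also yields the shorter pop/retn one byte in, which is the same thing the entries above record when they give two adjacent addresses. The reason these tables are split by language edition is visible in the page itself: the same ws2_32.dll gadgets sit at 71ab... on the Korean build and 71aa... on the Japanese build, so an address confirmed on one build has to be re-checked with check_gadget (or a debugger) on any other.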
